class Mongo::Auth::User

Represents a user in MongoDB.

@since 2.0.0

Attributes

auth_mech_properties[R]

@return [ Hash ] The authentication mechanism properties.

auth_source[R]

@return [ String ] The authorization source, either a database or

external name.
client_key[R]

The client key for the user.

@return [ String ] The client key for the user.

database[R]

@return [ String ] The database the user is created in.

mechanism[R]

@return [ Symbol ] The authorization mechanism.

name[R]

@return [ String ] The username.

password[R]

@return [ String ] The cleartext password.

roles[R]

@return [ Array<String> ] roles The user roles.

Public Class Methods

new(options) click to toggle source

Create the new user.

@example Create a new user.

Mongo::Auth::User.new(options)

@param [ Hash ] options The options to create the user from.

@option options [ String ] :auth_source The authorization database or

external source.

@option options [ String ] :database The database the user is

authorized for.

@option options [ String ] :user The user name. @option options [ String ] :password The user's password. @option options [ Symbol ] :auth_mech The authorization mechanism. @option options [ Array<String>, Array<Hash> ] roles The user roles. @option options [ String ] :client_key The user's client key cached from a previous

authentication on the same connection.

@since 2.0.0

# File lib/mongo/auth/user.rb, line 160
def initialize(options)
  @database = options[:database] || Database::ADMIN
  @auth_source = options[:auth_source] || self.class.default_auth_source(options)
  @name = options[:user]
  @password = options[:password] || options[:pwd]
  @mechanism = options[:auth_mech]
  if @mechanism
    # Since the driver must select an authentication class for
    # the specified mechanism, mechanisms that the driver does not
    # know about, and cannot translate to an authentication class,
    # need to be rejected.
    unless @mechanism.is_a?(Symbol)
      # Although we documented auth_mech option as being a symbol, we
      # have not enforced this; warn, reject in lint mode
      if Lint.enabled?
        raise Error::LintError, "Auth mechanism #{@mechanism.inspect} must be specified as a symbol"
      else
        log_warn("Auth mechanism #{@mechanism.inspect} should be specified as a symbol")
        @mechanism = @mechanism.to_sym
      end
    end
    unless Auth::SOURCES.key?(@mechanism)
      raise InvalidMechanism.new(options[:auth_mech])
    end
  end
  @auth_mech_properties = options[:auth_mech_properties] || {}
  @roles = options[:roles] || []
  @client_key = options[:client_key]
end

Private Class Methods

default_auth_source(options) click to toggle source

Generate default auth source based on the URI and options

@api private

# File lib/mongo/auth/user.rb, line 212
def self.default_auth_source(options)
  case options[:auth_mech]
  when :gssapi, :mongodb_x509
    '$external'
  when :plain
    options[:database] || '$external'
  else
    options[:database] || Database::ADMIN
  end
end

Public Instance Methods

==(other) click to toggle source

Determine if this user is equal to another.

@example Check user equality.

user == other

@param [ Object ] other The object to compare against.

@return [ true, false ] If the objects are equal.

@since 2.0.0

# File lib/mongo/auth/user.rb, line 66
def ==(other)
  return false unless other.is_a?(User)
  name == other.name && database == other.database && password == other.password
end
auth_key(nonce) click to toggle source

Get an authentication key for the user based on a nonce from the server.

@example Get the authentication key.

user.auth_key(nonce)

@param [ String ] nonce The response from the server.

@return [ String ] The authentication key.

@since 2.0.0

# File lib/mongo/auth/user.rb, line 82
def auth_key(nonce)
  Digest::MD5.hexdigest("#{nonce}#{name}#{hashed_password}")
end
encoded_name() click to toggle source

Get the UTF-8 encoded name with escaped special characters for use with SCRAM authorization.

@example Get the encoded name.

user.encoded_name

@return [ String ] The encoded user name.

@since 2.0.0

# File lib/mongo/auth/user.rb, line 95
def encoded_name
  name.encode(BSON::UTF8).gsub('=','=3D').gsub(',','=2C')
end
hash() click to toggle source

Get the hash key for the user.

@example Get the hash key.

user.hash

@return [ String ] The user hash key.

@since 2.0.0

# File lib/mongo/auth/user.rb, line 107
def hash
  [ name, database, password ].hash
end
hashed_password() click to toggle source

Get the user's hashed password for SCRAM-SHA-1.

@example Get the user's hashed password.

user.hashed_password

@return [ String ] The hashed password.

@since 2.0.0

# File lib/mongo/auth/user.rb, line 119
def hashed_password
  unless password
    raise Error::MissingPassword
  end

  @hashed_password ||= Digest::MD5.hexdigest("#{name}:mongo:#{password}").encode(BSON::UTF8)
end
options() click to toggle source

Loggable requires an options attribute. We don't have any options hence provide this as a stub.

@api private

# File lib/mongo/auth/user.rb, line 52
def options
  {}
end
sasl_prepped_password() click to toggle source

Get the user's stringprepped password for SCRAM-SHA-256.

@api private

# File lib/mongo/auth/user.rb, line 130
def sasl_prepped_password
  unless password
    raise Error::MissingPassword
  end

  @sasl_prepped_password ||= StringPrep.prepare(password,
    StringPrep::Profiles::SASL::MAPPINGS,
    StringPrep::Profiles::SASL::PROHIBITED,
    normalize: true, bidi: true).encode(BSON::UTF8)
end
spec() click to toggle source

Get the specification for the user, used in creation.

@example Get the user's specification.

user.spec

@return [ Hash ] The user spec.

@since 2.0.0

# File lib/mongo/auth/user.rb, line 198
def spec
  { pwd: password, roles: roles }
end